RUMOR: No software will be able to run on Mac OS X 10.7 without being approved and signed by Apple

invisibleSHIELD case for iPad“Apple began charting the future of their flagship computer Mac OS X today as the developers of tomorrow finally learned how they’ll be able to participate in it,” Rixstep reports.

“Apple will begin signing up independent software vendors (ISVs) for the 10.7 developer programme by early autumn 2010,” Rixstep reports. “Membership will cost $99 just as the iPhone programme and will include a number of benefits including free downloads of the Xcode developer tools and access to online API documentation.”

Rixstep reports, “Developers planning on marketing software for 10.7 will submit their products to the App Store as iPhone and now iPad developers have already done. 10.7 will have kernel support for (‘insistence on’) binaries signed with Apple’s root certificate. No software will be able to run on Mac OS X 10.7 without being approved and signed by Apple, Inc.

“Slapping a root certificate on a binary running Snow Leopard or earlier doesn’t change anything: the certificate represents an additional executable section that can easily be removed. Individual apps can of course check for the presence of a certificate, but it’s not before the OS kernel itself insists on this certificate that program execution is totally in Apple’s control,” Rixstep reports. “It’s expected there’ll be efforts to ‘jailbreak’ 10.7 just as there have been with the iPhone and iPad systems.”

Full article here.

9 to 5 Mac is reporting that a developer they’ve contacted says that the facts are distorted in the Rixstep article:

Code signing for Mac Applications is already in place, and has been for a couple of versions of Mac OS X. There is a command line tool included in OS X (sorry, don’t recall the name) that can show the user which apps are signed, and by what certificates Contrary to the article, code signing of applications is already used by OS X.

You’ll notice that when you update some third party applications from, for example, v1.0 to v1.1, if that app stores data in you keychain, the first time you run the new version of the app you will get the popup window saying “Application X would like to use data stored in you keychain.” This is because the application is not signed, therefore the System can’t verify it is the same app from the same developer after it has been updated and the executable has changed on your disk.

You may not have noticed that when you update Safari or Mail or some third party apps, you do not get the dialogue, as these apps are signed, and the signing is still valid after the update, so the System can be sure the app has not been tampered with by a 3rd party, and it is OK to continue to allow it access to the keychain.

Full article here.

113 Comments

  1. Go ahead, jailbreak your system, but don’t complain that you have viruses on your computer.
    This will definitely cause a stir, especially in freedom freak circles, but I actually like the idea.
    I think you should have a choice though, so if one is willing to take a risk, one can run apps from unknown source.

  2. Interesting move. I expect we’ll hear quite a bit of resistance from existing OS X developers, as Perry just indicated.

    It’s one thing to start a new platform off with such restrictions (iPhone, iPad), but those also had a distribution model and profit sharing model which removed from developers the need to process credit cards, etc.

    Mac OS X’s developer environment is very different, so it will be interesting to see what carrots Apple brings to the table to entice/placate developers.

  3. I bet apple will open up the app store to mac apps, but only ones that meet their stringent requirements, like they do for iphone and ipad. I’m ok with that. I’d like a good place to buy mac apps (and games) online.

  4. Bullsh*t

    This is yet another attempt by a group who shorted Apple and NEEDS to reverse this stock uptick so they don’t lose their “shorts”.

    There is literally no way Apple would change to this for their professional architecture. Consumer products, yes.

  5. If the app is good then there is no worry… but what about all those free apps people like to write or update?? Gotta send off that crap to apple to get approved first.

    One thing is for sure.. it will definitely boost up the guarantee of apps running effectively. That being said… if this happens there will be many people who will just hack the OS X into just allowing the app to run..

    and yes it will be done by many.

  6. Read the story before commenting.
    It appears that Apple will give you the option of having your software “validated”; if so, it will be “trusted”.
    Software that has not been “validated” will be flagged as such when you attempt to run it. I don’t see this as “a bad thing”…
    You can still run it, but are just warned to be careful.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.